mirror of https://github.com/easzlab/kubeasz.git
37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
- name: prepare some dirs
|
||
file: name={{ item }} state=directory
|
||
with_items:
|
||
- "{{ bin_dir }}"
|
||
- "{{ ca_dir }}"
|
||
- "{{ base_dir }}/roles/prepare/files/"
|
||
|
||
- name: 下载证书工具 CFSSL
|
||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||
with_items:
|
||
- cfssl
|
||
- cfssl-certinfo
|
||
- cfssljson
|
||
|
||
- name: 准备CA配置文件
|
||
template: src=ca-config.json.j2 dest={{ ca_dir }}/ca-config.json
|
||
|
||
- name: 准备CA签名请求
|
||
template: src=ca-csr.json.j2 dest={{ ca_dir }}/ca-csr.json
|
||
|
||
- name: 生成 CA 证书和私钥
|
||
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert -initca ca-csr.json | {{ bin_dir }}/cfssljson -bare ca"
|
||
|
||
# 为了保证整个安装的幂等性,如果已经生成过CA证书,就使用已经存在的CA;删除/roles/prepare/files/ca* 可以使用新CA 证书
|
||
- name: 准备分发 CA证书
|
||
copy: src={{ ca_dir }}/{{ item }} dest={{ base_dir }}/roles/prepare/files/{{ item }} force=no
|
||
with_items:
|
||
- ca.pem
|
||
- ca-key.pem
|
||
- ca.csr
|
||
- ca-config.json
|
||
|
||
# kubedns.yaml文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数
|
||
- name: 准备 kubedns的部署文件 kubedns.yaml
|
||
template: src=kubedns.yaml.j2 dest={{ base_dir }}/manifests/kubedns/kubedns.yaml
|
||
|